I think when your shell of choice knows to expand ~user to user's home directory, it's actually looking that up in /etc/passwd, so it's nice to have it readable instead of giving all shells elevated rights.
– Ulrich Schwarz, Aug 6 '12 at 9:46

2 Answers
2

/etc/passwd is sometimes called the user database. That should give us a clue as to why it needs to be readable by everyone. Any utility that inspects file metadata needs to be able to read /etc/passwd (and /etc/group) in order to be able to resolve the numerical IDs used by the kernel and its subsystems to the human-friendly names that we rely on. Tools that need to find your home directory (mail delivery agents, etc.) look that information up in /etc/passwd, and inet miniservers like fingerd look up your details in /etc/passwd.

As has been pointed out elsewhere, there is no particularly sensitive data in the file, as modern systems put the password hashes in a shadow password file, which is readable only by root.

Then, is it for historical reasons it is called passwd when in fact this name does not reflect what is in the file?
– Emanuel Berg, Aug 6 '12 at 15:07

8

Yes, I think so. In very early versions of UNIX, the passwords were indeed stored in /etc/passwd (unencrypted at first!). By the time password hashes were moved out to a shadow file, many utilities already existed that relied on other pieces of information in /etc/passwd, so the name stuck.
– D_Bye, Aug 6 '12 at 15:22
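
The lookup described in the answer above (numeric IDs resolved to names, with hashes kept out of the world-readable file), as an added example that is not part of the original answers or comments: a Python sketch that parses passwd(5)-format text, resolves an owner ID the way `ls -l` does, and audits the hash placement and file modes. The sample data, function names and the set of placeholder values are assumptions made for illustration.

```python
import os
import stat
from typing import NamedTuple

class PasswdEntry(NamedTuple):
    name: str
    passwd: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

# Constructed sample in passwd(5) format; not taken from any real host.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash
legacy:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:1001:1001::/home/legacy:/bin/sh
"""

# Assumption: these values in field 2 mean "no hash stored here".
PLACEHOLDERS = {"x", "*", "!", "!!", ""}

def parse_passwd(text):
    """Parse the seven colon-separated fields of each passwd line."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        entries.append(PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), *f[4:]))
    return entries

def owner_name(uid, entries):
    """Resolve a numeric owner ID to a name; fall back to the number itself."""
    return next((e.name for e in entries if e.uid == uid), str(uid))

def inline_hashes(entries):
    """Accounts whose hash sits in the world-readable file, not the shadow file."""
    return [e.name for e in entries if e.passwd not in PLACEHOLDERS]

def mode_findings(path, world_readable_ok):
    """Flag permission bits that break the passwd/shadow split."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = ["world-writable"] if mode & stat.S_IWOTH else []
    if mode & stat.S_IROTH and not world_readable_ok:
        findings.append("world-readable")
    return findings

if __name__ == "__main__":
    print(inline_hashes(parse_passwd(SAMPLE)), mode_findings("/etc/passwd", True))
```

On a real host, pass the contents of /etc/passwd to `parse_passwd` and call `mode_findings("/etc/shadow", False)` as a user allowed to stat that file.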